OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier,...
8.8CVSS
8.7AI Score
0.001EPSS
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root...
6CVSS
7.3AI Score
0.0004EPSS
Ivanti Connect Secure is a seamless, cost-effective SSL VPN solution for remote and mobile users. A command execution vulnerability exists in Ivanti Connect Secure by Inwanzi Software Technology (Beijing) Co. that can be exploited by an attacker to execute arbitrary...
9.1CVSS
7.8AI Score
0.969EPSS
Philips In.Sight Default Credentials (Telnet)
The remote Philips In.Sight Device has default credentials ...
9.8CVSS
9.7AI Score
0.007EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...
7.8CVSS
7.7AI Score
0.0005EPSS
Beijing Asian Control Technology Development Co., Ltd. is a high-tech enterprise of automation software platform. A weak password vulnerability exists in the KingPortal development system of Beijing Asian Control Technology Development Co. Ltd, which can be exploited by attackers to obtain...
6.9AI Score
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
7.3AI Score
Pyradm - Python Remote Administration Tool Via Telegram
Remote administration crossplatfrom tool via telegram\ Coded with ❤️ python3 + aiogram3\ https://t.me/pt_soft v0.3 [X] Screenshot from target [X] Crossplatform [X] Upload/Download [X] Fully compatible shell [X] Process list [X] Webcam (video record or screenshot) [X] Geolocation [X] Filemanager...
7.7AI Score
Amazon Linux 2 : thunderbird (ALAS-2020-1414)
The Mozilla Foundation Security Advisory describes this flaw as: When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. (CVE-2020-6805) The Mozilla Foundation Security Advisory describes...
9.8CVSS
9.1AI Score
0.526EPSS
Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users
Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. "The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features,"....
7.5AI Score
Sony IPELA Engine IP Cameras Backdoor Vulnerability
on a Sony IPELA Engine IP Camera is prone to a backdoor...
7.2AI Score
RHEL 6 : mozilla (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970) Mozilla:...
9.7AI Score
0.38EPSS
New RedLine Stealer Variant Disguised as Game Cheats Using Lua Bytecode for Stealth
A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server IP...
9.8CVSS
6.4AI Score
0.006EPSS
Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access (DMA) timing...
8.2CVSS
7.1AI Score
0.0004EPSS
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to 122.0.6045.214 (Platform version: 15753.38.0) for most ChromeOS devices and will be rolled out over the coming days. This build contains a number of bug fixes and security updates. If you find new issues, please let us know one of the following ways: File a...
9.8CVSS
7.8AI Score
0.582EPSS
IKEv1 Main Mode vulnerable to brute force attacks
Overview Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Description The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. (CVE-2018-5389) It is well known, that the aggressive mode of IKEv1 PSK is...
5.9CVSS
5.8AI Score
0.003EPSS
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails...
7.3AI Score
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack
The following Rapid7 team members contributed to this blog: Ipek Solak, Thomas Elkins, Evan McCann, Matthew Smith, Jake McMahon, Tyler McGraw, Ryan Emmons, Stephen Fewer, and John Fenninger Overview Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording.....
8.4CVSS
8.8AI Score
0.028EPSS
bind-dyndb-ldap [11.6-4] - Modify empty zone conflicts under exclusive mode Resolves: rhbz#2126877 [11.6-3] - Rebuild against bind 9.11.36 - Resolves: rhbz#2022762 [11.6-2] - Rebuild against bind 9.11.26 - Resolves: rhbz#1904612 [11.6-1] - New upstream release - Resolves: rhbz#1891735 [11.3-1] -...
5.3CVSS
7.6AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the...
5.9AI Score
0.028EPSS
Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the...
7.1AI Score
0.041EPSS
KingSuperSCADA Information Leakage Vulnerability in Beijing Asian Control Technology Development Co.
KingSuperSCADA is a fully configurable monitoring platform software. An information disclosure vulnerability exists in KingSuperSCADA, which can be exploited by attackers to obtain sensitive...
6.4AI Score
Going viral shouldn’t lead to bomb threats, with Leigh Honeywell: Lock and Code S05E06
This week on the Lock and Code podcast… A disappointing meal at a restaurant. An ugly breakup between two partners. A popular TV show that kills off a beloved, main character. In a perfect world, these are irritations and moments of vulnerability. But online today, these same events can sometimes.....
7.4AI Score
EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1508)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local...
7.5CVSS
6.6AI Score
0.002EPSS
7.3AI Score
I wrote a short document describing how I maintain open source projects, to link it from my global CODE_OF_CONDUCT, CONTRIBUTING, and SECURITY files. It talks about how I prefer issues to PRs, how I work in batches, and how I'm trigger-happy with bans. It's all about setting expectations. It got...
7.6AI Score
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An information leakage vulnerability exists in Zhejiang Dahua Technology Co. city security monitoring DSS system, which can be exploited by attackers to obtain sensitive...
6.6AI Score
RHEL 6 : kernel (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...
8.7AI Score
EPSS
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5691)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5691 advisory. There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c....
7.1CVSS
7AI Score
0.001EPSS
Axis Network Camera Multiple Vulnerabilities (Jun 2018)
Axis Network Cameras is prone to multiple...
9.8CVSS
8.7AI Score
0.105EPSS
K000138650 : cURL vulnerability CVE-2023-46218
Security Advisory Description This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It...
6.5CVSS
6.9AI Score
0.001EPSS
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
7.8CVSS
7.2AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...
7.8CVSS
7.2AI Score
EPSS
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1643-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1643-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two...
7.8CVSS
7.2AI Score
EPSS
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi...
7.7AI Score
0.0004EPSS
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi...
7.5AI Score
0.0004EPSS
Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected...
7.3CVSS
6.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through...
5.9CVSS
5.7AI Score
0.0004EPSS
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers...
7.5AI Score
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF...
9.4AI Score
0.0004EPSS
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF...
7.2AI Score
0.0004EPSS
9.8CVSS
7.1AI Score
0.001EPSS
An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi...
7.7AI Score
0.0004EPSS
Mobotix S14 Camera Cross-Site Request Forgery (CVE-2019-12502)
There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
8.8CVSS
8.9AI Score
0.001EPSS
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The...
9CVSS
9AI Score
0.005EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...
7.8CVSS
8AI Score
0.001EPSS
Pyramid static view path traversal up one directory
Impact This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...
5.3CVSS
6.7AI Score
0.001EPSS
An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary...
9.8CVSS
9.6AI Score
0.002EPSS
Pyramid static view path traversal up one directory
Impact This impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a index.html file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be...
5.3CVSS
6.7AI Score
0.001EPSS
Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates....
9.8CVSS
7.3AI Score
0.974EPSS